The Tea on Cybersecurity


Cybersecurity—a word we hear all the time. Show of hands for those who actually understand what it means. The Tea on Cybersecurity is here to help educate the newbs on what cybersecurity is, why it is important, and everything in between. The Tea on Cybersecurity is for everyone, but especially those small and medium-sized businesses that are starting their journey in building a cyber risk management program. Each show is about 15-30 minutes long, to deliver the facts with less fluff.

Trava Security


    • May 6, 2025 LATEST EPISODE
    • monthly NEW EPISODES
    • 19m AVG DURATION
    • 42 EPISODES



    Latest episodes from The Tea on Cybersecurity

    Security Leadership Without the Full-Time Price Tag for Small Teams

    May 6, 2025 | 27:13

    Is your business one cyberattack away from chaos? Most companies don't think about cybersecurity until they're in crisis mode—but by then, the damage is done.

    In this episode, Jara Rowe talks with Michael Magyar, an experienced virtual Chief Information Security Officer (vCISO). They cover what a vCISO does, why more companies are choosing virtual over full-time, and how to know when it's time to bring one in. Michael shares examples of helping businesses avoid costly mistakes, explains how vCISOs assess risk, and offers advice for small teams trying to do more with less.

    Key takeaways:
    • Common cybersecurity challenges vCISOs help solve
    • What a typical engagement with a vCISO looks like
    • Advice for SMBs with limited budgets trying to prioritize cybersecurity

    Episode highlights:
    • (00:00) Today's topic: Breaking down the role of a vCISO
    • (05:32) vCISO vs. traditional in-house CISO
    • (07:11) Why small businesses benefit from a vCISO
    • (09:53) Real examples of vCISOs making a difference
    • (13:52) What it's like working with a vCISO
    • (16:00) Key indicators your business needs a vCISO
    • (20:54) How to prioritize cybersecurity on a budget

    Connect with the host: Jara Rowe's LinkedIn - @jararowe
    Connect with the guest: Michael Magyar's LinkedIn - @michael-magyar-cyqual
    Connect with Trava:
    • Website - www.travasecurity.com
    • Blog - www.travasecurity.com/learn-with-trava/blog
    • LinkedIn - @travasecurity
    • YouTube - @travasecurity

    Cybersecurity Lingo Explained: vCISO, PII, and More

    Apr 21, 2025 | 23:56

    Cybersecurity lingo can be overwhelming, but once you get the hang of the essentials, staying secure becomes much easier.

    In this episode, host Jara Rowe sits down with Marie Joseph, Senior Security Advisor at Trava, to break down key terms like vCISO, PII, and cybersecurity maturity models. They also differentiate between terms like hacker vs. threat actor and firewall vs. antivirus by highlighting the nuances that matter most. Plus, Marie reveals why continuous compliance is crucial, and how concepts like attack surface and risk tolerance fit into the bigger picture of your security strategy.

    Key takeaways:
    • Essential cybersecurity terms and definitions: vCISO, PII, and more
    • The importance of understanding and managing your attack surface
    • Why cybersecurity compliance can't be a one-time effort

    Episode highlights:
    • (00:00) Today's topic: Understanding cybersecurity terms
    • (01:47) What is a vCISO, and why it benefits small businesses
    • (02:54) Definition of PII, BCP, SIEM, DevSecOps, and BCRA
    • (08:40) Hackers vs. threat actors explained
    • (10:28) Why businesses need an antivirus and a firewall
    • (13:37) Patch management and cybersecurity attack surfaces
    • (16:04) Continuous cybersecurity compliance
    • (21:27) Recapping cybersecurity essentials

    Connect with the guest: Marie Joseph's LinkedIn - @marie-joseph-a81394143

    Introducing Season 4 of The Tea on Cybersecurity

    Apr 7, 2025 | 11:31

    Cyber threats are evolving, security rules are tightening, and the idea of a 'safe network' is quickly disappearing. So what does that mean for businesses and individuals trying to stay protected?

    To kick off Season 4, host Jara Rowe revisits key lessons from past seasons and unpacks the biggest cybersecurity trends shaping the industry today. This season will take a deeper look at AI governance, compliance challenges, and penetration testing—critical areas companies can't afford to ignore.

    With cybersecurity changing fast, businesses must decide how to adapt before they fall behind. The answers start here.

    Key takeaways:
    • Why cybersecurity is a team effort, not just IT's job
    • How AI is changing both cyber defense and cybercrime
    • How vCISOs are filling critical security gaps for businesses

    Episode highlights:
    • (00:00) Today's topic: How cybersecurity is evolving
    • (01:21) Major lessons from past seasons
    • (05:38) Current cybersecurity trends
    • (08:26) What to expect in season 4

    Recap on Season 3 - Receipts on The Tea on Cybersecurity

    Jul 2, 2024 | 22:09

    We've come to the end of another season of The Tea on Cybersecurity, and you know what that means. Join host Jara Rowe for her ultimate receipts from Season 3. She highlights the most important things she has learned from her guests this season, including why MFA is key to keeping yourself safe online, how to manage vulnerabilities, what steps you need to prepare for cybersecurity incidents, and how to cultivate trust and transparency within your organization.

    Listen in as Jara revisits her conversations with all of our Season 3 guests, including Trava CEO Jim Goldman, Craig Saldanha and Mario Vlieg with Insight Insurance, and John Boomershine with BlackInk IT, among others.

    In this episode, you'll learn:
    • Multi-Factor Authentication (MFA) is Your Best Friend: It's like adding an extra lock to your door to keep the bad guys out—and who doesn't want that extra peace of mind? Enabling MFA can be a game-changer in protecting against cyber vulnerabilities. It's easy to implement and adds that essential layer of security without the hassle!
    • Bring Your Own Device (BYOD), Take Control of Your Digital Inventory: This is a deep dive on how to make sure all devices, company-owned or personal, are secure and compliant in this digitally diverse world. This is super relevant for those who offer flexible work arrangements and want to stay ahead in their cybersecurity game.
    • Establishing Trust and Transparency is Key: This isn't just about securing your systems but also about earning and maintaining the trust of your customers and stakeholders—whether it's securing communications through encryption or ensuring third-party vendors are just as vigilant.

    Jump into the conversation:
    • [00:00 - 00:41] Introduction to the Tea on Cybersecurity podcast
    • [00:41 - 3:46] The importance of MFA
    • [03:47 - 05:07] MFA in cyber hygiene
    • [05:08 - 06:02] Employee training as a vital part of cybersecurity defense strategy
    • [06:52 - 07:45] BYOD (bring your own device) and the challenges of inventory management
    • [07:45 - 10:07] A different way to think about risk
    • [10:08 - 12:12] The difference between risks and vulnerabilities
    • [12:18 - 13:24] The difference between breaches and incidents
    • [13:25 - 14:15] What to do if an incident should occur
    • [14:19 - 16:17] Steps to take if an incident were to occur with a third-party vendor
    • [16:18 - 17:58] Why trust is foundational to cybersecurity
    • [17:59 - 19:03] How a compliance framework is like a cookbook
    • [19:03 - 21:21] Cybersecurity in healthcare and banking

    Beyond SaaS: What Cybersecurity Looks Like in Healthcare and Banking

    Jun 18, 2024 | 20:08

    "Multi-factor authentication? You better get it today. Don't wait till tomorrow." – Jim Goldman

    We talk a lot about SaaS companies in this show, but today, we're bringing you something a little different. Jim Goldman, CEO of Trava and one of our favorite cybersecurity experts, joins host Jara Rowe to discuss the complexities of cybersecurity across healthcare and banking, including their unique challenges and regulatory requirements.

    Jim discusses how healthcare organizations navigate a web of medical providers, claims processors, and pharmacies while adhering to the stringent HIPAA regulations. He also discusses how banking and finance sectors have long led the way in cybersecurity, thanks to rigorous compliance standards meant to protect both consumer data and financial integrity. He offers compelling analyses and real-world examples, like how a simple multi-factor authentication (MFA) oversight can lead to billion-dollar repercussions.

    In this episode, you'll learn:
    • How the banking and healthcare industries keep our sensitive information safe and how it all comes back to those pesky (yet essential!) regulations
    • The importance of regulations like HIPAA and how they help guard this vast data network and ensure your health information stays secure
    • Yet another reason why Multi-Factor Authentication (MFA) is a cybersecurity must-have

    Jump into the conversation:
    • [00:00 - 00:46] Introduction to cybersecurity beyond SaaS and Jim Goldman
    • [00:47 - 02:58] How cybersecurity differs in Healthcare and Banking vs. SaaS
    • [02:58 - 05:41] The most pressing cybersecurity threats facing healthcare organizations today
    • [05:41 - 08:25] How healthcare institutions are adapting their cybersecurity to ensure data integrity
    • [09:17 - 13:00] Key cybersecurity risks in banking and finance and how they are mitigating these risks
    • [13:01 - 14:33] What is GDPR?
    • [14:34 - 15:11] What is PCI DSS?
    • [15:11 - 16:11] How financial institutions prioritize cybersecurity initiatives to maintain compliance
    • [16:45 - 19:48] Jara's receipts

    Identifying Third-Party Vendor Risks with Michael Magyar, Trava

    Jun 4, 2024 | 20:33

    "Every business today runs on technology. Every business is a technology business. Right? Even a taco cart uses a little payment thing that you swipe your card in to do that." - Michael Magyar

    Michael Magyar, a seasoned cybersecurity expert with a decade of experience, joins host Jara Rowe on this episode of The Tea on Cybersecurity to give us the tea on third-party risks. As a penetration tester and a virtual Chief Information Security Officer (vCISO) with Trava, Michael brings unparalleled insight into the challenges and solutions surrounding vendor security.

    Michael and Jara discuss the complex subject of third-party risks and why every business, big or small, needs to be cautious about their vendors' security practices. From identifying potential risks to evaluating security measures, Michael offers essential steps businesses should take if a vendor experiences a security incident, stressing the importance of containment, breach notification, and calling in the right experts for help.

    Key Takeaways:
    • Third-party risks are everywhere, and to understand where these gaps could be, think about a vendor or third party as "outsourced staff"
    • What to look out for when working with any vendor or third party, namely Public Statements of Security
    • How to handle a situation if a vendor or third party of yours is breached

    Timestamps:
    • [00:00 - 01:24] Introducing Identifying Third-Party Vendor Risks with Michael Magyar, Trava
    • [01:25 - 02:36] Expanding understanding of vendors and third parties
    • [03:59 - 05:25] Real-world examples of third-party risks - SolarWinds in 2020 and XZ Utils in 2024
    • [02:36 - 03:59] How to identify risks associated with vendors and third parties
    • [05:25 - 07:53] Red flags to look out for, plus Microsoft breach
    • [07:54 - 09:16] Penetration testing and third-party security
    • [09:16 - 11:19] Other ways that businesses can help evaluate the security practices of a third-party
    • [11:19 - 12:54] Key cybersecurity measures to look for when working with a vendor
    • [12:54 - 13:40] Why it's essential for businesses to regularly check in on their external partners' cybersecurity efforts
    • [13:41 - 15:42] Cybersecurity steps my company needs to take when signing on with a new vendor
    • [16:41 - 20:02] Jara's Receipts

    Cyber Trust and Transparency with John Boomershine, BlackInk IT

    May 21, 2024 | 20:29

    "Trust is foundational to both the relationship, interpersonal relationship, B2B relationship. Then also we're having to convey that trust to our customers," - John Boomershine

    John Boomershine, also known as Boomer, sits down with host Jara Rowe in this episode of The Tea on Cybersecurity to talk about trust and transparency in cybersecurity. As the Vice President of Security and Compliance at BlackInk IT, Boomer brings nearly 40 years of experience in the IT realm, and a wealth of knowledge particularly focused on cybersecurity and compliance.

    Boomer and Jara discuss why trust and transparency are absolute bedrocks in the world of cybersecurity. Boomer elaborates on the importance of effective communication, revealing how businesses can use privacy policies and FAQ sections to build consumer confidence. He takes us through the game-changing NIST and CIS frameworks and why adopting these can fortify your cybersecurity strategy. Additionally, he stresses the importance of having a solid incident response plan when things go south and emphasizes that cybersecurity is a team effort—everyone has a role to play, from implementing MFA to raising your hand when in doubt.

    In this episode, you'll learn:
    • Trust is foundational for cybersecurity in any organization and the cornerstone of a great client relationship
    • Why you need to have a superhero plan for cyber incidents to tackle any problem that may come up quickly and efficiently
    • To boost your customer confidence and safety, you need to adopt a cybersecurity framework to act as your compass, guiding you on what's essential to protect your business and your data

    Things to listen for:
    • [00:00 - 00:55] Introduction to The Tea on Cybersecurity
    • [01:53 - 03:16] Trust is foundational in cybersecurity and business
    • [03:16 - 05:34] Effectively communicating data handling with your customers
    • [05:35 - 08:41] CIS controls framework: 18 sections, 153 safeguards
    • [08:42 - 11:10] Data collection transparency and where companies should focus
    • [11:15 - 12:46] Some of the biggest challenges businesses face in maintaining transparency and trust
    • [12:46 - 14:12] Combating cyber threats with teamwork and commitment
    • [14:14 - 16:03] Final thoughts from Boomer
    • [16:17 - 19:55] Jara's Receipts

    Resources:
    • How SOC2 helps you build trust with clients
    • 7 Tips for Talking to Your Customers After Getting Hacked

    Defending Your Data Through Cyber Hygiene with Industry Experts Craig Saldanha and Mario Vlieg, Insight Assurance

    May 7, 2024 | 19:36

    "Education is by far the most cost-effective tool that you can deploy in your organization before any other types of information, security controls, or complex tools or any additional services. Using the hygiene analogy, you can buy the most expensive toothbrush, and you can buy the fanciest toothpaste. But if you don't teach your child that they need to brush their teeth every night, they're still going to get cavities." - Mario Vlieg

    Host Jara Rowe and guests Craig Saldanha and Mario Vlieg discuss good digital hygiene practices in this episode. We dive into best digital hygiene practices, common weak spots, and digital breach response plans.

    Learn more about technology trends like AI and machine learning that enhance cyber defenses, practical tips and resources for improving cyber hygiene habits, and future challenges and opportunities in the field. We also explore regulatory standards, frameworks, and compliance, emphasizing their contribution to robust cyber hygiene practices.

    In this episode, you'll learn:
    • Why employees should be educated about the latest cyber threats, recognize phishing attempts, and adopt best practices in cybersecurity
    • What steps organizations and individuals can take to assess and recover effectively in a data breach
    • Why advancements in technologies are enhancing cyber hygiene efforts even as they introduce new risks

    Things to listen for:
    • [01:20 - 02:14] Definition of cyber hygiene
    • [03:12 - 03:59] The role of employee training and awareness in cyber hygiene
    • [03:59 - 04:52] How often organizations and individuals should review digital hygiene practices
    • [05:08 - 06:00] Emerging technologies that can help with cyber hygiene efforts
    • [06:00 - 08:23] Tips and resources for improving cyber hygiene habits
    • [08:26 - 09:18] Challenges and opportunities in the future of cyber hygiene
    • [09:20 - 10:04] The most cost-effective cyber security tool for early SaaS companies and founders
    • [10:17 - 11:56] What steps organizations should take to assess the impact and recover from a data breach
    • [12:00 - 13:56] How compliance standards and frameworks improve cyber hygiene practices
    • [13:56 - 15:39] Proactive steps to improve cyber hygiene practices
    • [15:47 - 19:15] Jara's receipts

    Resources:
    • Cyber Hygiene Explained
    • Cybersecurity Awareness Training is Not an Option, It's Essential
    • Data Security 101: Decoding Incidents and Breaches
    • Why Human Error is the Cause of Most Data Breaches

    Mastering Incident Response Plans and Tabletop Exercises with Christina Annechino, Trava

    Apr 23, 2024 | 15:37

    "Especially if this is the first time an organization is creating a plan like this, the focus should really be working on it piece by piece to not be overwhelmed. So, start out small. What are the designated roles and responsibilities that you have? Then, determine how the plan can best fit your needs. This can be done by assessing what types of incidents are most detrimental to your organization." - Christina Annechino

    Host Jara Rowe and guest Christina Annechino delve into incident response plans and tabletop exercises in this week's episode. We'll identify common challenges with developing incident response plans and the ins and outs of tabletop exercises. Gain tips on forming an incident response plan and insight into the documentation and testing requirements and compliance standards such as NIST, SOC 2, PCI DSS, and ISO 27001. We provide a comprehensive understanding of the critical elements and processes involved in incident response planning, compliance, and tabletop exercises.

    In this episode, you'll learn:
    • What defines an incident, and what to include in an incident response plan to be prepared and compliant
    • Why tabletop exercises are essential for identifying any gaps in the documented processes and procedures and preparing teams for emergencies
    • How incident response plans and tabletop exercises are crucial in compliance readiness and maintaining security certifications

    Things to listen for:
    • [01:58 - 02:40] Definition of an incident and incident response plan
    • [03:55 - 04:34] Tips for creating an incident response plan
    • [04:51 - 05:25] The role of incident response plans in overall risk management
    • [05:33 - 06:00] How incident response plans maintain security and annual certifications
    • [06:21 - 07:05] Definition of a tabletop exercise and its role in incident response plans
    • [07:10 - 08:18] How often to conduct tabletop exercises and their challenges and benefits
    • [08:34 - 09:19] Addressing compliance-related aspects through tabletop exercises
    • [09:30 - 09:59] Compliance standards and the importance of testing incident response capabilities
    • [10:06 - 10:36] Demonstrating a functional incident response plan during compliance audits
    • [10:47 - 10:56] Structure of documentation for incident response plans and tabletop exercises
    • [11:07 - 11:43] Tips on creating an incident response plan and the purpose of tabletop exercises
    • [12:1 - 15:15] Jara's receipts

    Resources:
    • Data Security 101: Decoding Incidents and Breaches
    • Data Breach Preparedness: Developing an Incident Response Plan
    • 7 Tips for Talking to Your Customers After Getting Hacked

    Navigating Asset Management and Compliance with Marie Joseph, Trava

    Apr 9, 2024 | 18:09

    "Keeping the inventory up to date, make sure that you have all possible points of entry covered and accounted for, similar to a building. When people try to put safeguards for a building, you're doing it, but just like on a network that you can't really physically see if you're missing an asset, that is a hole for an attacker to get into, and we do not want to give them easy access to things for sure." - Marie Joseph

    This episode's conversation covers the basics of asset inventories and asset management with host Jara Rowe and guest Marie Joseph, Senior Security Solutions Engineer at Trava. We discuss the categories of assets and the challenges of establishing a comprehensive asset inventory.

    Hear how tracking and managing hardware and software within an organization is necessary for cybersecurity compliance. We dissect the impact of Bring Your Own Device (BYOD) policies on asset management, the concept of shadow IT, and the role of automated tools and technologies in asset management tasks.

    In this episode, you'll learn:
    • Why asset inventories are a crucial part of cybersecurity and compliance and the challenges of continuous upkeep
    • How "Bring Your Own Device" (BYOD) policies help and hinder operations, including cybersecurity risk levels
    • Why most compliance frameworks require companies to maintain different types of inventories to ensure that security and privacy measures are in place and monitored to meet regulatory requirements

    Things to listen for:
    • [00:00 - 00:18] Intro to The Tea on Cybersecurity
    • [00:48 - 02:44] The definition of asset inventory and asset management
    • [04:06 - 04:34] Maintaining an accurate software inventory for compliance with licensing agreements
    • [04:34 - 05:51] Common challenges with establishing a complete asset inventory
    • [07:42 - 09:27] Explanation of shadow IT, traditional asset management, and cybersecurity efforts
    • [09:34 - 10:29] How asset management contributes to maintaining compliance
    • [12:04 - 13:30] Using automated tools in asset management tasks for continuous compliance
    • [13:48 - 14:55] The importance of tracking all devices connected to a network
    • [15:23 - 17:48] Jara's receipts

    Resources:
    • From Bonnie and Clyde to Hackers: Taking the First Step to Protecting Your Digital Assets
    • Regular Software Updates and Patching: The Importance of Staying on Top of This

    Deciphering Risk Management and Compliance with Michael Magyar

    Mar 26, 2024 | 28:20

    "Not only do we need to understand what risks might exist, but we need to understand what impact that might have. That goes into both the chance that they're going to happen and the chance that they're going to be successful in creating damage, and then also the likely damage that's going to happen from them." - Michael Magyar

    On this week's episode, host Jara Rowe gets the tea on risk management with Trava's vCISO consultant, Michael Magyar. Hear what risk management is, how it differs from crisis management, and what considerations fall under each to maintain compliance. This episode serves as a comprehensive guide for listeners looking to gain a better understanding of risk management, compliance, and general cybersecurity practices. Michael encourages a proactive approach to risk assessment and management to enhance organizational cybersecurity with actionable advice.

    What you'll learn:
    • Why risk management is proactive and crisis management is reactive, and how to approach both from a preparation standpoint
    • What components of risk management realistically fall under compliance, and why understanding this helps you mitigate potential risk
    • How to start small with risk assessment to identify possible risks and how they might impact your business to build a foundation for effective risk management and cybersecurity practices

    Things to listen for:
    • [02:57 - 03:28] Explanation of risk as exposure to danger, harm, or loss
    • [05:45 - 06:53] The importance of risk management for businesses
    • [06:59 - 07:54] Comparison of risk management and crisis management
    • [08:14 - 10:00] Key components of being proactive in cybersecurity
    • [10:07 - 12:27] The role of risk management in compliance efforts
    • [12:37 - 14:38] Challenges and tips in aligning risk management with compliance standards
    • [15:17 - 17:47] Michael's advice for organizations and general cybersecurity
    • [17:55 - 20:32] Jara's receipts

    Resources:
    • How to Choose the Right Cyber Risk Management Solution Provider
    • What is Risk Management?

    Why Vulnerability Management Matters for Cybersecurity Compliance

    Mar 12, 2024 | 24:12

    "So the concept of vulnerability management in many ways is universal. And so if we think about it in a physical sense, try to keep our homes or our businesses secure from a physical sense. It's one of the vulnerabilities. Leaving your doors unlocked, leaving your windows unlocked, leaving a candle lit, and then leaving the house and going somewhere. Those are vulnerabilities." - Jim Goldman

    Join our host, Jara Rowe, as she sits down with Trava CEO and Co-founder Jim Goldman to uncover the fundamental importance of vulnerability management in cybersecurity and compliance. In this episode, you'll learn why vulnerability management matters and why businesses can't afford to overlook it.

    This episode is your opportunity to gain practical insights and empower yourself with the knowledge needed to navigate the world of cybersecurity. Equip yourself to protect your business and stay ahead of the game.

    Here are the main insights you can expect to take away from this episode:
    • How vulnerability management involves finding and fixing things that hackers could exploit, much like conducting a home inspection for your cybersecurity
    • Why vulnerability management is fundamental for your business and crucial for all compliance frameworks and regulations
    • Why conducting vulnerability management continuously is essential for the security of your business and your customers' data and how to tackle vulnerability management without feeling daunted

    Things to listen for:
    • [01:05 - 03:12] The concept of vulnerability management is universal
    • [03:12 - 04:53] Where to begin with vulnerability management
    • [04:54 - 06:14] How vulnerabilities in a system relate to compliance requirements
    • [06:14 - 09:14] Audits as the critical last step to certification and compliance
    • [13:04 - 14:07] When vulnerability management comes into play during the certification process
    • [14:11 - 15:30] Essential components of a vulnerability management program
    • [15:32 - 17:13] Using technology to identify, prioritize, and fix vulnerabilities
    • [17:27 - 19:17] Common challenges organizations typically face in implementing vulnerability management
    • [20:39 - 21:27] Jim's final thoughts on vulnerability management
    • [21:47 - 23:51] Jara's receipts

    Resources:
    • Understanding the Role of Vulnerability Scanning in SOC 2 Compliance
    • Why Vulnerability Management Helps Defend Against Cyber Attacks

    Understanding Cybersecurity Frameworks and Certifications with Scott Schlimmer, Trava

    Feb 27, 2024 | 17:05

    "Find a compliance platform, it'll make life a lot easier. Then I would develop the policies and procedures, if you don't already have those, and then collect evidence to justify, to prove everything you're doing that's in the framework. It's going to be important for audits and just internal or external audits." - Scott Schlimmer

    In this episode, host Jara Rowe is once again joined by cyber risk specialist Scott Schlimmer with a deep dive into the world of compliance frameworks and certifications. Listen as we explain the challenges of compliance and non-compliance with certification programs in cybersecurity. Learn which regulated industries must follow specific frameworks and how noncompliance can affect business opportunities and your bottom line. We also unravel FedRAMP, CMMC, CCPA, and CPRA, offering a clearer understanding of their cybersecurity roles.

    In this episode, you'll learn:
    • How to follow a compliance framework without having the certification, though having the certification can demonstrate to partners and customers that your organization has strong cybersecurity measures
    • The significance of certifications and the value of the NIST framework as a reliable source for general cybersecurity best practices
    • What the legal and financial consequences of noncompliance for different industries may be, such as failing to follow frameworks like FedRAMP or CMMC when working with the government

    Things to listen for:
    • [00:47 - 01:27] The relationship between compliance frameworks and certification programs
    • [01:27 - 02:54] The difference between regulated and non-regulated industries
    • [02:54 - 04:40] Explanation of the NIST framework and insights into other compliance acronyms
    • [04:40 - 08:59] Multiple compliance frameworks, compliance audits, and non-compliance issues
    • [08:59 - 10:54] Improving cybersecurity posture, security assessment, and maturity models
    • [10:54 - 13:56] Preparation for compliance audits and the importance of a compliance platform
    • [13:56 - 14:31] How to become compliant or get certified and reasons for external assistance
    • [14:38 - 17:20] Jara's receipts

    Resources:
    • Cracking the Code: Understanding Cybersecurity Compliance Frameworks
    • What is the NIST Framework?
    • Conquer Compliance Jargon: Download the Free Cybersecurity Compliance Glossary

    Cybersecurity Compliance Buzzwords with Marie Joseph and Christina Annechino, Trava

    Feb 13, 2024 | 22:00

    "It's hard to have privacy without security and to have effective security that requires strong protection of personal identifiable information, or PII. So security, privacy, and compliance really must go hand in hand. If one is prioritized over the other, it can have an adverse effect." - Christina Annechino

    On this episode, we welcome back both Christina Annechino and Marie Joseph to bring us back to a little more 101 on Cybersecurity. With host Jara Rowe, the team breaks down terms and buzzwords that you need to know to keep you and your company's data safe. Find out the difference between a breach and an incident, the nuances of security, privacy, and compliance, and gain insights into the crucial importance of cyber hygiene. We'll also explore the key differences between data security and data protection, understanding acronyms like GDPR, CCPA, HIPAA, and PIPEDA, and grasping the significance of maintaining asset inventories.

    In this episode, you'll learn:
    • The difference between a breach, when a threat actor gains unauthorized access, and an incident, where data is compromised, is crucial for proactive security measures.
    • Understand frameworks vs. standards: Frameworks provide an overview of requirements for compliance and certification, while standards outline specific criteria that must be met, forming the foundation of cybersecurity best practices.
    • The importance of cyber hygiene or the tools, processes, and policies you need to maintain a strong security posture, enabling constant improvement in cybersecurity health within organizations.

    Things to listen for:
    • [00:24 - 02:47] Introduction to episode and compliance series
    • [02:57 - 04:25] The difference between security and privacy and compliance
    • [04:28 - 06:08] The challenges in balancing security, privacy and compliance
    • [06:26 - 07:24] The difference between risk and control
    • [07:31 - 09:46] The difference between a breach and an incident
    • [09:58 - 11:03] The difference between data security and protection
    • [11:03 - 12:18] The most common data protection regulations
    • [12:31 - 13:10] The difference between frameworks and standards
    • [13:22 - 14:50] What is RBAC and how it relates to cybersecurity
    • [14:50 - 16:45] The meaning of IoT and maintaining inventory assets
    • [16:50 - 18:00] What does Cyber Hygiene mean
    • [18:01 - 20:37] Jara's receipts

    Resources:
    • Conquer Compliance Jargon: Download the Free Cybersecurity Compliance Glossary
    • Data Security 101: Decoding Incidents and Breaches
    • Safeguarding Your Connected Devices: A Practical Approach to IoT Security

    Cybersecurity in 2024: Trava's CEO Jim Goldman on What to Expect

    Jan 30, 2024 (29:15)

    “There's a converging of several forces or several trends going on right now that I think are going to potentially cause significant changes in 2024.”

    @Jim Goldman, CEO of Trava Security, knows a thing or two about cybersecurity. In this episode, Jim and host @Jara Rowe dive into the latest scoop on what's happening in the world of cybersecurity and compliance and what you need to know to keep your business safe and secure in 2024. They discuss how ransomware is alive and well, and federal governments worldwide are taking a stand, which is great news for us, bad news for the cyber terrorists. They also talk about the changes in the compliance landscape in 2024, with a big focus on changing breach disclosures and cybersecurity risk management. They also filled us in on a very helpful resource – CISA, Cybersecurity and Infrastructure Security Agency – available for all of us to stay up-to-date on compliance.

    In this episode, you'll learn:
    • Ransomware is a real and growing threat. Learn how federal governments are joining forces to tackle this issue, and discover proactive measures like multifactor authentication to keep your business safe.
    • Compliance equality: new regulations are ensuring that all companies, public and private alike, are held to the same standard for cybersecurity risk management and breach disclosures.
    • How to secure company laptops and contractor access to ensure remote work resilience

    Things to listen for:
    • [01:51 - 5:14] Overview of Cybersecurity and Compliance Landscape in 2024
    • [5:14 - 6:38] Proactive Measures we can take to mitigate Ransomware attacks
    • [8:34 - 9:58] Cyber Insurance
    • [9:59 - 13:40] Changes in Compliance Frameworks in 2024
    • [16:16 - 19:01] Other threats to be on the lookout in 2024 include work-from-home issues
    • [21:53 - 23:28] How to stay agile and resilient
    • [24:25 - 25:36] Final thoughts from Jim
    • [25:48 - 28:54] Jara's receipts

    Resources:
    • Unlocking Cybersecurity and Compliance Success in 2024
    • A Global Escalation: Ransomware Threats, Trends, and Solutions for 2024
    • Cybersecurity for Remote Workers: Best Practices for Securing Your Home Office
    • ISO 27001 Certification: What Is It and Why Does It Matter?

    Connect with the Guest: Jim Goldman's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    Introducing Season 3 of The Tea on Cybersecurity

    Jan 16, 2024 (1:56)

    You asked for it, so we're back for another season of your favorite cybersecurity podcast, The Tea on Cybersecurity. In the last two seasons, host Jara Rowe covered everything from the basics – what is phishing? – to implementation – do I need cyber insurance? This season, we dive deep into compliance but, true to our word, simplify things and cover more basics – a must-listen to boost your cybersecurity knowledge!

    Connect with the Host: Jara Rowe's LinkedIn
    Connect with Trava: Website - www.travasecurity.com, Blog - www.travasecurity.com/blog, LinkedIn - @TravaSecurity, YouTube - @TravaSecurity

    Spilling The Tea from Season 2 - Receipts from The Tea on Cybersecurity

    Nov 7, 2023 (22:41)

    "Having a really thorough cybersecurity plan is essential. It's honestly what everything comes down to."

    We've reached the end of season 2 of the Tea on Cybersecurity, where we wrap up the season with the most important receipts learned from previous guests.

    In this episode, we touch on the importance of conducting cyber risk assessments to understand the current risks in your business, the difference between audits and assessments, the significance of having a strong cybersecurity plan as your foundation, the steps to take in building a secure system, and more.

    In this episode, you'll learn:
    • The importance of Multi-Factor Authentication
    • Why none of us are fully safe, but how we can become as safe as possible
    • Why cyber insurance policies are essential

    Things to listen for:
    • [01:35 - 2:48] What are cyber risk assessments, and why are they important?
    • [03:01 - 5:03] The difference between audits and assessments.
    • [07:34 - 9:04] Why building a strong, secure system before looking into compliance framework is key.
    • [11:18 - 13:01] What proactive and reactive assessments are.
    • [13:23 - 14:08] The importance of pen testing.
    • [15:10 - 16:18] Why you should implement cybersecurity awareness training.

    Cybersecurity Awareness Training is Not an Option, It's Essential with Kathy Isaac, VP of Customer Success at Carbide

    Oct 24, 2023 (20:28)

    "Cybersecurity awareness training is not about creating cybersecurity experts. It's about making staff and stakeholders aware of the threats and how to respond to them."

    In this episode of The Tea on Cybersecurity, VP of Customer Success at Carbide, @Kathy Isaac, joins host @Jara Rowe to discuss the ins and outs of cybersecurity awareness training and why every company must partake in it.

    As the world leans increasingly into technology, cybersecurity awareness training is crucial for businesses and individuals. Without this training, companies are putting their business at risk for malicious attacks, data breaches, and cyber threats.

    Join us as Kathy shares how to engage your company in this training effectively, the secrets to tailoring this practice to different audiences for effectiveness, and what could go wrong if not taught properly.

    In this episode, you'll learn:
    • What cybersecurity training is and why it's important to tailor it to different audiences.
    • Common but detrimental mistakes that companies make when it comes to cybersecurity awareness training.
    • Why cybersecurity awareness training is crucial for remote work.

    Things to listen for:
    • [03:04] What is cybersecurity awareness training, and why it's important.
    • [04:21] How companies can tailor cybersecurity awareness training to different audiences for effectiveness.
    • [07:53] How to make cybersecurity awareness training more effective and engaging.
    • [09:47] Common mistakes companies make regarding cybersecurity awareness training and best practices to take.
    • [13:13] How to measure cybersecurity awareness training effectiveness.

    Connect with the Guest: Kathy Isaac's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    Locking Down Your Virtual Office: Cyber Security for Remote Workers with Anh Pham

    Oct 10, 2023 (25:07)

    "The shift to remote work has transformed the cybersecurity landscape, forcing companies to rethink their approach to protecting their attack surface."

    In this episode of The Tea on Cybersecurity, @Jara Rowe sits down with Trava Senior Security Engineer @Anh Pham to discuss the blend of remote work and cybersecurity. The shift to remote work has significantly transformed the cybersecurity landscape, forcing companies and cybersecurity professionals to rethink their approach to protecting their data and assets. Due to this, businesses face unique cybersecurity challenges. To address these challenges, organizations need to enforce security controls at the device and user level, consider individual protection for each tool and resource, and implement strong access management policies and identity management tools. Join us as Anh dishes practical tips for beginners, ensuring you're armed with the know-how to stay safe in the virtual world.

    What you'll learn in this episode:
    • The challenges businesses face and how they're adapting their security controls to protect against cyber threats in the remote work environment.
    • Methods and approaches businesses can take to keep their files and content secure.
    • Institute the Zero Trust rule when working from home: stay focused and err on the side of caution when an email or communication seems fishy.

    Things to listen for:
    • [01:56] Cybersecurity challenges that businesses face and how they address them.
    • [04:32] How remote work has changed the auditing process.
    • [05:50] How organizations can ensure the right individuals access sensitive resources.
    • [09:09] Anh's best practices for educating on preventing remote work breaches.
    • [11:41] How the human factor in social engineering and phishing attacks come into play when considering remote work access security.
    • [13:37] Trends Anh foresees in terms of cybersecurity needs, particularly in the realm of remote access management.

    Connect with the Guest: Anh Pham's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    The Power of Proactive Protection in Cyber Risk Management and Beyond with Jim Goldman and Ryan Dunn

    Sep 26, 2023 (19:18)

    "Proactive protection is not just about fixing vulnerabilities, it's about implementing a comprehensive security strategy and understanding your system boundaries and actively defending against cyber threats before they can breach your defenses."

    In the latest episode of The Tea on Cybersecurity, @Jara Rowe talks with @Jim Goldman and @Ryan Dunn to uncover the importance of being proactive in cybersecurity management to avoid the pitfalls of a cyber attack.

    To be proactive, companies need to implement various security processes and technologies. These include patching management to ensure systems are up to date with the latest security patches, multi-factor authentication to add an extra layer of protection for accessing sensitive information, and security awareness and training programs to educate employees about potential threats and best practices.

    By implementing these measures, companies can reduce the number of vulnerabilities in their systems over time.

    Make sure to listen to the end for tips on what being proactive looks like from Jim and Ryan.

    What you'll learn in this episode:
    • The importance of implementing proactive cybersecurity measures beyond vulnerability management to protect your organization from cyber attacks.
    • The significance of understanding and assessing third party risks in order to safeguard your business and customer data.
    • The need for agents in the insurance industry to adopt a proactive and creative mindset when dealing with cyber insurance, rather than relying on reactive approaches.

    Things to listen for:
    • [1:33] What a proactive and reactive cybersecurity system is.
    • [3:22] How a proactive approach to cybersecurity helps organizations identify and mitigate potential threats.
    • [4:40] Why so many people typically lean towards being reactive in their cybersecurity systems.
    • [7:21] Tips for third party checking.
    • [9:26] What role technology can play in supporting a proactive cybersecurity strategy for both agents and their clients.
    • [13:55] Best practices for organizations looking to adopt a proactive cybersecurity stance.

    Connect with the Guest: Ryan Dunn's LinkedIn, Jim Goldman's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    Cyber Insurance Decoded: A Focus on SaaS Companies with Trava's Director of Insurance, Ryan Dunn

    Sep 12, 2023 (30:34)

    "Whenever you have a piece of software that has an obligation to perform a duty, like a SaaS company, the intersection of cyber insurance and professional liability is crucial. It's important to transfer the risk with a comprehensive cyber insurance policy to protect against both code failures and potential cyber breaches."

    In the latest episode of The Tea on Cybersecurity, @Jara Rowe chats with @Ryan Dunn, Director of Insurance at Trava, to discuss the importance of cyber insurance as it relates to SaaS companies.

    Businesses heavily rely on their digital infrastructure to conduct operations, making them vulnerable to cyber attacks and breaches. This is where cyber insurance comes into play… Cyber insurance helps cover the costs associated with incident response, data recovery, legal fees, notification and credit monitoring services for affected individuals, and potential lawsuits. In today's digital age, where cyber threats are becoming increasingly common and sophisticated, having cyber insurance can help businesses mitigate the financial impact of a cyber incident and recover more quickly.

    Ryan breaks this all down in this episode of the Tea on Cyber Security by explaining exactly why cyber insurance is a necessity, the reasoning for why the relationship between a strong cybersecurity posture and insurance premiums is currently a challenge in the cyber insurance industry, and the key factors insurance companies should pay close attention to when it comes to assessing cyber risk of their company.

    This is an episode filled with information you don't want to miss out on. Listen to hear the tea on cyber insurance.

    What you'll learn in this episode:
    • The importance of cyber insurance for SaaS companies and why all businesses should consider procuring it.
    • How insurance companies assess the cyber risk of a SaaS company, including factors like master service agreements, MFA (multi-factor authentication), EDR (endpoint detection response), CVE vulnerabilities, and web app data scans.
    • The impact of a strong cybersecurity posture on insurance premiums and the ongoing challenge of finding ways to reward companies for investing in their cybersecurity stack.

    Things to listen for:
    • [03:41] SaaS policy and cyber breach liability, MFA and EDR requirements for insurance, and CVE vulnerabilities and vulnerability management.
    • [08:55] Cyber insurance frustrations: uncertain path to savings.
    • [11:50] Limited information hampers SaaS purchasing behavior.
    • [17:27] Continuous cybersecurity is a shared industry belief. Trava is a big supporter. Agents should check cybersecurity and deploy a Trava platform. Quarterly checks and monthly scans recommended.
    • [21:34] Key cyber insurance policies for SaaS companies.
    • [23:15] Essential coverage for small companies: email, ransomware, business interruption.

    Connect with the Guest: Ryan Dunn's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    Unveiling Vulnerabilities: The Power of Pen Testing in Cybersecurity with Christina Annechino, Cybersecurity Analyst at Trava

    Aug 29, 2023 (17:41)

    "It's easier to protect your company's assets when you know exactly what your security posture looks like and where your problems are."

    In the latest episode of The Tea on Cybersecurity, @Jara Rowe chats with @Christina Annechino, Cybersecurity Analyst at Trava, to delve into the world of penetration testing or “pen Testing” and its significance in the realm of cybersecurity.

    Pen Testing involves carrying out controlled attacks that mimic real-world scenarios, allowing businesses to identify weaknesses before hackers can exploit them. This process enables companies to evaluate their security measures and implement more robust practices. Christina breaks down the various types of Pen Tests, including network, web application, and internal Pen Testing. She walks us through the different stages of a Pen Test, starting at reconnaissance through covering tracks and reporting, while highlighting the crucial role played by Pen Testers in uncovering vulnerabilities and offering strategies for remediation. Listen in to boost your understanding of Pen Testing to safeguard your digital assets effectively.

    What you'll learn in this episode:
    • Pen Tests help companies assess their security strength and implement better security practices.
    • The stages of a Pen Test include reconnaissance, scanning and enumeration, vulnerability assessment, exploitation, maintaining access, covering tracks, and reporting.
    • Certified ethical hackers not only identify vulnerabilities but also provide remediation strategies to fix them.

    Things to listen for:
    • [1:34] What is a Pen Test?
    • [5:24] Stages of Pen Test: reconnaissance, scanning, vulnerability assessment, exploitation, maintaining access, covering tracks, reporting.
    • [09:03] How Pen Testers summarize vulnerabilities and remediation strategies and prioritizing the severity of the vulnerability.
    • [10:39] Difference between Pen Tests and ethical hackers.
    • [11:34] Common tools and techniques used in penetration tests.

    Connect with the Guest: Christina Annechino's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    Balancing Ethics and Regulations: The Challenge in MarTech's Customer Information with Chris Vannoy, Product and Engineering Leader

    Aug 15, 2023 (27:07)

    "The more data you have, the more painful it's going to be if you mess up your cybersecurity and all that leaks out."

    On the most recent episode of The Tea on Cybersecurity, host Jara Rowe is joined by Chris Vannoy from The Juice, a renowned MarTech firm, to dive into a discussion about data protection. Chris underscores the significance of SOC2 processes in ensuring data precision and controlling access, while also tackling the tough task of juggling ethical and legal restrictions with the growing need for customer data in the face of evolving privacy conditions. He offers a word of caution to companies about the importance of thoughtful data gathering and sharing protocols, emphasizing security from the get-go. The conversation also touches on the need for faith in vendors, the value of certifications like SOC2 or ISO, the privacy expectations among tech engineers, and the changing public attitude towards privacy, influenced by GDPR and the advent of new tech. This episode underscores the crucial necessity for enterprises to protect their data in order to adhere to privacy regulations.

    What you'll learn in this episode:
    • What MarTech software is and how it can assist marketers in their work.
    • The different security measures for different data levels.
    • Precautions to prevent data from leaving the system.
    • How to balance ethics, regulations, and customer expectations in MarTech
    • Practical tips for breaking bad habits and implementing security measures

    Things to listen for:
    • [2:23] Marketing technology (MarTech) includes various tools such as email campaigns, custom landing pages, account-based software, and advertising.
    • [4:57] Privacy concerns are rising both for users and businesses.
    • [8:54] Regulations and privacy consciousness impact marketers today.
    • [13:40] Data ownership and sharing responsibilities explained.
    • [17:48] Engineers prioritize privacy, security, and ethics.
    • [22:21] Ask for certification.
    • [24:37] Jara's Receipts

    Connect with the Guest: Chris Vannoy's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    Protect Sensitive Data: Understanding Privacy and Security Certifications with Marie Joseph, Senior Security Solutions Engineer at Trava

    Aug 1, 2023 (17:13)

    "Security is all about the protection of your data. While privacy is determining how your data is being used."

    On this episode of The Tea on Cybersecurity, join host Jara Rowe as she delves into the world of privacy and security certificates with expert guest @Marie Joseph, Senior Security Solutions Engineer at Trava.

    Protecting sensitive data has become more important than ever. But with the vast array of privacy and security certifications available, it can be challenging to know where to start.

    Marie helps us understand the different certifications and their importance. In this episode we discuss the most common privacy and security certifications, such as GDPR, CCPA, and SOC 2. We explore the benefits of obtaining these certifications, the challenges organizations may face during the process, and how to verify if a company has a privacy or security certificate. Discover the differences between various certifications and gain valuable insights on how to navigate the world of cybersecurity certificates.

    What you'll learn in this episode:
    • Understand the main differences between privacy and security certifications, and the benefits they offer
    • The challenges that organizations face when implementing cybersecurity and privacy measures and the importance of patience in the process.
    • The potential benefits of partnering with a cybersecurity expert.

    Things to listen for:
    • [5:54] Various frameworks create cybersecurity best practice lists.
    • [8:12] Focus on one, readiness, audit, and certificate renewal.
    • [9:50] Understanding the costly process.
    • [13:28] Be patient, take simple steps, and ensure feasibility.
    • [16:37] Patience is key. Privacy and security certificates.

    Connect with the Guest: Marie Joseph's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    Guest Information
    Name: Marie Joseph
    Title: Senior Security Solutions Engineer at Trava
    Bio: Marie Joseph is an Indiana University alumna. While studying law and public policy, she studied abroad in the UK and learned from government agencies about US and National Security—sparking her interest in cybersecurity. Marie then headed back to IU for a master's degree in cybersecurity. Marie now helps Trava customers begin and/or mature their security and compliance programs as a Sr. Security Solutions Engineer.
    Social: https://www.linkedin.com/in/marie-joseph-a81394143/

    Audits Vs. Assessments: What's the Difference and Which Is Right For You? With Jim Goldman and Ben Phillips

    Jul 18, 2023 (33:56)

    "The thing about security also is the threats are always changing. So you can't just keep doing what you've been doing and think you're going to be fine. You have to adapt to the changing threat landscape."

    In the world of Cybersecurity, things are ever-changing. This week Cybersecurity expert and CEO & Co-Founder of Trava Security Jim Goldman and Ben Phillips CPA and Director at KSM, discuss the differences between an audit and an assessment when it comes to information security internal risk assessments. Understanding the difference between a cybersecurity audit and assessment is crucial whether you are a business owner, IT professional, or auditor. Jim and Ben shed light on the motivation behind each - whether they are customer-driven or regulatory - and offer thoughts on which is right for you. If you are seeking cybersecurity certifications like SOC2 or ISO, knowing the difference is an important part of the process - along with patience, lots of patience!

    What you'll learn in this episode:
    • The differences between audits and assessments and why they should be conducted.
    • How audits and assessments work together, and how often they should be conducted.
    • Why are both internal and external audits important in the journey to getting certified?

    Things to listen for:
    • [02:47] Various certifications and audits for data security.
    • [07:53] The main difference between an audit and an assessment
    • [09:40] Internal audit vs External audit.
    • [15:54] Information security assessment and preparation advice given.
    • [21:07] Differences between type 1 and type 2 SOC 2 reports.

    Connect with the Guests:
    • Jim Goldman's LinkedIn - https://www.linkedin.com/in/jigoldman/
    • Ben Phillips' LinkedIn - https://www.linkedin.com/in/ben-phillips-cpa-cisa-citp-ccsfp-chqp-093b0111/
    Connect with the host:
    • Jara Rowe's LinkedIn - https://www.linkedin.com/in/jararowe/
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    A Crash Course in the Benefits of ISO 27001 Certification with Anh Pham and Marie Joseph

    Jul 4, 2023 (17:40)

    “When a customer compares between vendors, the one with an ISO certification is going to have an edge.”

    We've covered the concept of compliance frameworks in previous episodes, but now we're taking a deep dive into what it takes to obtain a specific certification: ISO 27001.

    If you've ever wondered about the benefits of ISO compliance and the potential challenges you may face during the certification process, you're in the right place.

    In this conversation, Marie Joseph, Senior Security Solutions Engineer at Trava, and Anh Pham, Senior Security Engineer at Trava, discuss the benefits that ISO compliance brings not only to your organization, but also to your stakeholders and customers.

    What you'll learn in this episode:
    • ISO 27001 is an international standard for managing your security.
    • ISO certification gives you a competitive advantage over your competitors and builds customer confidence.
    • It's crucial to budget enough time and bandwidth to work on ISO certification.
    • Don't stress about doing things perfectly. Use a checklist to stay organized through the process and you should be good to go.
    • Starting with ISO certification can give you a head start on other compliance frameworks you may want to pursue in the future.

    Things to listen for:
    • [02:00] What ISO 27001 is and how it fits into a broader cybersecurity strategy
    • [05:00] The benefits of achieving ISO 27001 certification
    • [08:00] What to expect during the certification process
    • [11:00] Anh and Marie's advice for organizations considering ISO 27001 certification

    Connect with the Guests: Marie Joseph's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    SOC2, ISO, and Beyond: Navigating Privacy Compliance Frameworks with Marie Joseph, Senior Security Solutions Engineer at Trava

    Jun 20, 2023 (14:28)

    “Compliance isn't something that happens overnight.”

    If the phrase ‘compliance frameworks' makes you want to run for the hills, hang in there – we've got you covered. In this conversation, Marie Joseph, Senior Security Solutions Engineer at Trava, unpacks the different compliance frameworks and explains which certifications you need to meet your business goals. While compliance frameworks aren't as scary as they may sound, they do take significant time and effort to put into practice. Marie shares what to expect as you start down this path and gives advice for prioritizing the frameworks that provide the most benefit to your organization.

    What you'll learn in this episode:
    • Compliance frameworks are like grocery lists from regulatory agencies – you should follow a checklist and mark items off as you complete them.
    • There are several categories of compliance frameworks, including government and privacy.
    • You can lean on GRC tools for help as you implement compliance frameworks in your organization.

    Things to listen for:
    • [02:00] What compliance frameworks are and why they're important
    • [07:00] Common challenges companies face when implementing compliance frameworks
    • [11:00] How to get started with compliance frameworks
    • [12:00] Why compliance frameworks matter to your customers

    Resources:
    • Season 1 SOC 2 episode with Marie: Explain SOC2 to Me Like I'm a Child
    • SOC 2 Compliance Checklist
    • Trava Blog: What is the NIST Framework?
    • Trava Blog: How to Ensure a Successful Start to Your Cybersecurity Program

    Connect with the Guest: Marie Joseph's LinkedIn
    Connect with the host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    Cyber Risk Assessments: Uncovering Your Security Vulnerabilities with Jim Goldman, CEO and Co-Founder of Trava

    Jun 6, 2023 (19:53)

    “A cyber risk assessment is nothing more than a diagnosis.”

    As a small or medium business, you may assume you're not a primary target for cyber attacks. Cybersecurity expert and CEO & Co-Founder of Trava Security Jim Goldman reveals that small and medium businesses are actually more likely targets than large enterprise customers. Whether you're a Fortune 500 company or a brand-new startup, it's time to take a proactive approach to your cyber security with cyber risk assessments. In this episode, you'll discover the essential frameworks and standards needed to prioritize vulnerabilities and maintain an acceptable level of risk exposure. Don't wait until it's too late–learn how to safeguard your business today.

    What you'll learn in this episode:
    • Cyber risk assessments are like going to the doctor for a diagnosis or annual physical.
    • The type of cyber risk assessment you need is dependent on the type of framework you want a certificate in.
    • Prioritize the vulnerabilities exposed in a cyber risk assessment by potential impact.

    Things to listen for:
    • [02:00] Why it's crucial for companies of all sizes to conduct cyber risk assessments
    • [10:45] What information a cyber risk assessment uncovers
    • [13:25] How frameworks and risk assessments work together
    • [14:30] How to prioritize the vulnerabilities uncovered in a cyber risk assessment

    Connect with the Guest: Jim Goldman's LinkedIn
    Connect with the Host: Jara Rowe's LinkedIn
    Connect with Trava: Website www.travasecurity.com, Blog www.travasecurity.com/blog, LinkedIn @travasecurity, YouTube @travasecurity

    Introducing Season 2 of The Tea on Cybersecurity

    May 23, 2023 (1:39)

    We're back for the second season of your favorite cybersecurity podcast, The Tea on Cybersecurity. In season one, host Jara Rowe covered the basics of cybersecurity for SaaS companies, and season two will take a deeper dive into newer topics, such as cyber risk assessments, compliance frameworks, and security certifications. The podcast is a must-listen for decision-makers with cybersecurity tasks, who may not be experts themselves. Tune in and boost your cybersecurity knowledge!

    Connect with the Host: Jara Rowe's LinkedIn
    Connect with Trava: Website - www.travasecurity.com, LinkedIn - @TravaSecurity, Instagram - @TravaSecurity, Twitter - @TravaSecurity, Facebook - @TravaHQ, YouTube - @TravaSecurity, Blog - www.travasecurity.com/blog

    Recap of Season 1 - Receipts from The Tea on Cybersecurity

    Apr 11, 2023 (21:20)

    We did it! We made it to the end of season 1 of The Tea on Cybersecurity.

    So we've spilled the tea on a lot of cybersecurity in Season 1, but now it's time for some mega receipts. Podcast host, Jara Rowe, breaks down what past guests have shared with listeners that are essential to keep in mind - what cybersecurity truly means, why it's important, how it should be implemented, and when you should take it seriously. Listen in as she shares the top key takeaways that all of us need to know in order to be as safe as possible with our technology.

    What you'll learn in this episode:
    • When you ignore a cyber problem because you don't understand it, it can become a very costly mistake. Rob Beeler says it's critical for us to continually educate ourselves in the cybersecurity space to avoid these mishaps.
    • What is the asset that we're really trying to protect with cybersecurity? It's not the cyber device, it's not the laptop, it's not the phone. It's the data that one can get to through those things.
    • Cybersecurity can make or break your company. Jake Miller says it should be about more than just your product. It should be about your organization as a whole because it affects everything. Develop a roadmap!
    • Cybersecurity is important for a business, but no matter how much you prepare, there are mistakes that can be made. So how can a business overcome this? Cyber insurance.

    Things to listen for:
    • [01:27] How to avoid the costly mistake of cybersecurity mishaps
    • [02:28] An explanation, in detail, of what cybersecurity is
    • [04:45] Why cybersecurity is important
    • [05:46] Cybersecurity in the business realm and why it's essential
    • [07:03] Cybersecurity can boost your B2B company's competitive edge
    • [08:13] The importance of cyber insurance and what it entails
    • [09:34] How to keep ourselves as secure as possible
    • [11:56] Who's at fault when a cybersecurity attack happens
    • [12:52] Watering Hole cyber attacks
    • [15:59] The importance of passwords for cybersecurity
    • [17:46] Breaking down what SOC 2 is
    • [19:00] When the right time is to start your cybersecurity program

    Connect with the Guests:
    • Rob Beeler - https://www.linkedin.com/in/rob-beeler-945ab33/
    • Jake Miller - https://www.linkedin.com/in/jakemillerindy/
    • Jim Goldman - https://www.linkedin.com/in/jigoldman/
    • Adam Patarino - https://www.linkedin.com/in/adampatarino/
    • Shea McNamera - https://www.linkedin.com/in/sheamcnamara/
    • Scott Schlimmer - https://www.linkedin.com/in/cybersecurityintelligencecia/
    • Marie Joseph - https://www.linkedin.com/in/marie-joseph-a81394143/

    Connect with the Host:
    • Jara Rowe's LinkedIn - https://www.linkedin.com/in/jararowe/

    Connect with Trava:
    • Website - https://www.travasecurity.com/
    • LinkedIn - https://www.linkedin.com/company/travasecurity/
    • Instagram - https://www.instagram.com/travasecurity/
    • Twitter - https://twitter.com/travasecurity
    • Facebook - https://www.facebook.com/travaHQ
    • YouTube - https://www.youtube.com/@travasecurity
    • Blog - https://www.travasecurity.com/blog

    Implementing Cyber Security and Why You Should do it NOW with Jake Miller

    Mar 28, 2023 · 28:38

    “It's so important to build your security programs early on because there's an expectation in the market, especially for enterprise grade SaaS companies, that you have at least started to take those programs seriously.”

    Jake Miller, the Chief Executive Officer of the Engineered Innovation Group, has a long background in software and product development and focuses on helping companies to design and build new digital products. As security programs are needed now more than ever, Jake explains why it's important for SaaS companies to build security into the company, not just the product, from day one. Listen in as he shares his roadmap to security.

    What you'll learn in this episode:
    • The reason why it's crucial for SaaS companies to implement cyber security programs not only for their products, but ALSO for the company itself, starting from day one!
    • Jake Miller's roadmap for implementing security into your company, seamlessly
    • How to develop an appropriate budget for implementing security programs within your company

    Things to listen for:
    • [01:25] Why cyber security is a foreign topic for people
    • [03:27] Jake explains what MVP stands for and what it encompasses
    • [05:16] Why SaaS companies need to build security into the company, not just the product
    • [10:41] How much money a company should budget for a cyber security program
    • [12:43] Where to start when implementing a security program
    • [15:14] The number one thing that needs to be in a security roadmap
    • [18:24] The right timing and approach to investing in cyber security
    • [19:45] Jake's advice for a person starting a SaaS company
    • [22:09] Closing thoughts from Jake

    Connect with the Guest:
    • LinkedIn - https://www.linkedin.com/in/jakemillerindy/
    • Engineered Innovation Group Website - https://www.engineeredinnovationgroup.com/

    Connect with the Host: Jara Rowe's LinkedIn - https://www.linkedin.com/in/jararowe/

    Cyber Insurance: When, How, and Why You Need It with Limit's Shea McNamara

    Mar 14, 2023 · 31:38

    “Because people don't fully understand technology, hackers and criminals find this as an opportunity to attack and get an edge. This is why cybersecurity is so important.”

    Shea McNamara, the Co-Founder and Head of Sales at Limit, focuses on melding technology and risk management for people and businesses around the world so they can achieve their aspirations. With cyber attacks on businesses increasing, Shea shares why it's important to invest in Cyber Insurance to counteract these pitfalls. Listen in as Shea explains what Cyber Insurance is and why every business should take time to obtain it to stay safe and secure.

    What You'll Learn in this episode:
    • The reason why we are seeing an increase in cyberattacks, how to fix that, and what can happen when you don't have Cyber Insurance
    • Why smaller companies are hot spots for cyber attacks and how cyber insurance can keep your brand reputable
    • Why you should enable MFA in any program that you're using

    Things to listen for:
    • [00:01 - 00:54] Introduction
    • [02:10 - 03:42] What is a brokerage system
    • [07:35 - 12:59] The ins and outs of Cyber Insurance
    • [13:34 - 14:42] The difference between Cyber Insurance and Cyber Liability Insurance
    • [15:01 - 18:08] Who is Cyber Insurance for and why is it important?
    • [18:31 - 21:10] How Cyber Insurance has evolved over the years
    • [21:20 - 24:33] Shea's predictions for the future
    • [25:08 - 27:25] Why Trava and Limit's partnership is beneficial for customers on both sides
    • [27:43 - 28:17] Closing thoughts from Shea
    • [28:38 - 31:19] Jara's receipts

    Connect with the Guest:
    • LinkedIn - https://www.linkedin.com/in/sheamcnamara/
    • Limit's Website - http://www.limit.com

    Connect with the Host: Jara Rowe's LinkedIn - https://www.linkedin.com/in/jararowe/

    Starting a Security Program by Choice or by Force with Trava's Marie Joseph

    Feb 28, 2023 · 16:06

    “Two-thirds of small, medium-sized businesses are the ones that are most attacked. Hackers specifically look for these!”

    Marie Joseph, the Security Solutions Engineer at Trava, specializes in helping companies start their security program and/or mature it. With cyberattacks on businesses on the rise, Marie talks about when the appropriate time is to start a security program to avoid any pitfalls, how to keep up with security and technological changes, and what it looks like for a company to be ‘forced' to start a cyber security program. Listen in as Marie dives into all of these aspects while providing tips to keep your technology and business safe.

    What You'll Learn in this episode:
    1. Suggested timeframe to start cyber security to avoid any attacks on your business
    2. The five components to a strong cyber security program that every business needs to look at
    3. Whether you should start a cyber security program out of force from a regulatory agency, or out of wanting to for your own sake

    Things to listen for:
    • [00:01 - 01:01] Introduction
    • [02:42 - 03:32] The various stages where businesses start their security programs
    • [03:48 - 04:54] Ways cyber-risk has been changing
    • [05:18 - 05:50] What it looks like to be ‘forced' into a security program
    • [06:35 - 07:56] Key components to a strong cybersecurity program
    • [08:19 - 09:32] Regulatory agencies and compliance certificates
    • [09:45 - 09:53] One thing a cybersecurity plan MUST have
    • [11:55 - 12:35] Cybersecurity predictions over the next 5 years
    • [13:47 - 15:51] Closing thoughts

    Connect with the Guest: LinkedIn - https://www.linkedin.com/in/marie-joseph-a81394143/

    Connect with the Host: Jara Rowe's LinkedIn - https://www.linkedin.com/in/jararowe/

    The Blame Game: Trava's Scott Schlimmer Talks Who's at Fault in a Security Breach

    Feb 14, 2023 · 16:11

    "Make sure you stay up to date on the latest trends and technologies - it's the key to success!"

    As a Cyber Risk Specialist at Trava, Scott Schlimmer is in charge of evaluating a company's security posture and creating a plan on how to best strengthen security and reduce risk. But the question he is answering today is WHO'S TO BLAME?? Cybersecurity risk can be a scary subject for any company, and on today's episode, Scott talks with host Jara Rowe about the process companies take when there is a security breach and the intricacies based on what security framework they have in place. Listen in for this as well as his thoughts on AI, multi-factor authentication, and some key terms to know. Head over to YouTube for our extended version of the interview.

    What You'll Learn in this episode:
    • How are privacy laws changing?
    • The latest advances in AI technology
    • Who is to blame for a security breach?

    Things to listen for:
    • [00:01 - 01:03] Introduction
    • [01:52 - 02:12] Why people find cybersecurity confusing and intimidating
    • [03:25 - 04:20] Common cyber risks that come with cloud platforms
    • [04:31 - 05:35] Importance of multi-factor authentication
    • [05:57 - 07:17] Taking responsibility for a security breach - who's to blame
    • [08:12 - 08:54] Ways companies can check the security of a third party
    • [11:55 - 12:41] Scott's cybersecurity prediction for 2023
    • [13:48 - 14:24] Final thoughts from Scott
    • [14:38 - 15:57] Jara's receipts

    Connect with the Guest: LinkedIn - https://www.linkedin.com/in/cybersecurityintelligencecia/

    Connect with the Host: Jara Rowe's LinkedIn - https://www.linkedin.com/in/jararowe/

    What will 2023 Bring in Cybersecurity? Predictions with Jim Goldman, CEO and Co-Founder of Trava Security

    Jan 31, 2023 · 23:31

    "You don't have to be perfectly secure. You just have to be more secure than the next business."

    Jim Goldman has been in the cybersecurity sector for over 30 years—he's seen some things. That made him the perfect person for Jara to speak with about what will be on the horizon in the world of cybersecurity in 2023. In this episode, Jim warns of potentially dangerous trends around AI and cyber-warfare and hits on the importance of prioritizing security. Listen in for tips on what to watch out for as cybercriminals try to up their game and how businesses can become wiser about protecting themselves. And please, change your passwords!

    What You'll Learn:
    • How artificial intelligence apps are blurring the lines between ransomware and cyber-warfare
    • The importance of vendor risk management and the misconception that SaaS apps are inherently secure
    • Why there's an increased risk of attacks on individuals as businesses become more secure

    Things to listen for:
    • [00:01 - 01:09] Introduction
    • [01:20 - 02:59] Jim's background in cybersecurity
    • [03:25 - 06:40] The Dangers on ChatGPT
    • [07:12 - 10:45] Business Related Cybersecurity Trends
    • [11:04 - 14:09] Ransomware and Cyber warfare in 2023
    • [17:00 - 19:21] Expert insights on what not to do
    • [19:39 - 20:28] Final thoughts from Jim
    • [20:57 - 23:16] Receipts from Jara

    Connect with the Guest: LinkedIn - https://www.linkedin.com/in/jigoldman/

    Connect with the Host: Jara Rowe's LinkedIn - https://www.linkedin.com/in/jararowe/

    Explain SOC 2 to Me Like I'm a Child: with Marie Joseph, Senior Security Solutions Engineer at Trava

    Jan 17, 2023 · 16:03

    Marie Joseph knows a thing or two about security compliance. As a Senior Security Solutions Engineer at Trava Security, Marie helps clients through the process of becoming SOC 2 certified... but what is SOC 2?

    In this episode, Marie helps us get to the bottom of what SOC 2 certification is and why it's important for companies to attain. Listen in for the 101 on SOC 2, ISO 27001 and GDPR (that's a lot of numbers and letters).

    In this episode, you will learn the following:
    • What is SOC 2 and why is it important for companies to be certified?
    • How does compliance relate to security and what are the different compliance frameworks?
    • What is the difference between SOC 2 and ISO, and which one should a company choose?

    Things to listen for:
    • [00:00 - 00:53] Introduction
    • [02:39 - 05:00] What is SOC 2 and why is it important?
    • [05:18 - 06:30] The difference between security and compliance
    • [06:36 - 07:16] Security controls that SOC 2 certification focuses on
    • [07:42 - 09:54] How to choose which framework works best for your company
    • [10:06 - 11:21] The different types of SOC 2 certifications
    • [11:38 - 12:44] When and how to start certification
    • [13:05 - 14:27] Final thoughts from Marie
    • [14:32 - 15:33] Jara's receipts

    Connect with the Guest: Marie's LinkedIn - https://www.linkedin.com/in/marie-joseph-a81394143/

    Connect with the Host: Jara Rowe's LinkedIn - https://www.linkedin.com/in/jararowe/

    Getting Risky: Cybersecurity & Compliance with Casted CPO, Adam Patarino

    Jan 3, 2023 · 19:50

    “In order to make sure that we are trusted and our customers feel safe uploading and managing their content with us, we have to show that we take compliance seriously.”

    Successful compliance strategies aren't always easy, but boy are they necessary. In this episode of The Tea on Cybersecurity, host Jara Rowe speaks with Adam Patarino, CPO and Co-Founder of Casted, a podcast and video content marketing platform. They discuss the importance of becoming SOC 2 certified to ensure the safety of their customers and their customers' customers. They delve into why it's best to invest early in cybersecurity as a startup and the importance of working with a trusted partner on the journey to compliance. Listen in for more on cybersecurity compliance and risk management.

    What You'll Learn:
    • What are the benefits of becoming SOC 2 certified for a SaaS company?
    • What tools and strategies should SaaS companies use to ensure both security and compliance?
    • What are the advantages of taking a proactive approach to cyber security and why is it important?

    Things to listen for:
    • [00:14 - 00:52] Introduction
    • [01:06 - 02:08] Introduction to Adam Patarino, CPO of Casted
    • [02:17 - 03:28] What Cybersecurity is for Casted
    • [03:53 - 05:27] The importance of cybersecurity for startups
    • [05:57 - 06:57] SOC 2 Certification and the beginning of Casted's journey to this goal
    • [06:57 - 08:13] The importance of starting early
    • [10:47 - 11:59] Training all staff on compliance and cybersecurity
    • [12:20 - 13:46] Process of investing in the right buckets
    • [13:59 - 15:16] Adam's background and previous knowledge of SOC 2
    • [15:27 - 16:24] Advice Adam has for those looking at SOC 2 compliance
    • [17:37 - 19:35] Jara's Receipts and takeaways

    Connect with the Guest:
    • Adam's LinkedIn - https://www.linkedin.com/in/adampatarino/
    • Casted LinkedIn - https://www.linkedin.com/company/gocasted/

    Connect with the Host: Jara Rowe - https://www.linkedin.com/in/jararowe/

    You Are the Weakest Link! (In Cybersecurity) with Trava Security CTO, Rob Beeler

    Dec 20, 2022 · 15:13

    Everything in the world revolves around people, including cybersecurity.

    We all know people are complex, unique, and full of surprises, making it hard to guess what they will do. This unpredictability causes a headache for companies when it comes to cybersecurity.

    In this episode of The Tea on Cybersecurity, host Jara Rowe dives into the human element of protecting yourself with Trava's CTO and Co-Founder, Rob Beeler. Listen in as they discuss why humans are the weakest link and share ways to protect your teams when working from home.

    What You'll Learn:
    • What cyber attacks look like at work and at home
    • How to protect your teams from being victims of cyberattacks
    • How to protect yourself while working from home

    Things to listen for:
    • [00:14 - 01:05] Introduction
    • [01:23 - 02:36] What makes employees an easy target for hackers
    • [02:53 - 04:09] How to protect you and your team members
    • [04:09 - 04:35] Social engineering, aka phishing
    • [05:08 - 06:42] Challenges with working from home
    • [06:59 - 08:33] The measures Trava takes to stay cybersafe
    • [09:34 - 10:11] Five cybersecurity protocols for businesses to try today
    • [11:03 - 12:38] Keeping yourself safe from cybercrime outside of work
    • [13:21 - 14:39] Jara's receipts

    Connect with the Guest: LinkedIn - https://www.linkedin.com/in/rob-beeler-945ab33/

    The Importance of Cybersecurity Strategies in Small Businesses with Trava Security CEO, Jim Goldman

    Dec 6, 2022 · 20:43

    If the check engine light came on in your car, would you go to an auto parts store and grab random items to fix the problem? Unlikely. So why do business owners take that haphazard approach to protecting themselves against cyberattacks? In this episode of The Tea on Cybersecurity, Jim Goldman, CEO and Co-founder of Trava Security, shares why having a risk management plan and creating a cybersecurity strategy is crucial for small to medium businesses.

    What You'll Learn:
    • Why small-to-medium companies are easy targets for criminals
    • The importance of having a risk management plan
    • When you should invest in a cybersecurity strategy

    Things to listen for:
    • [00:21 - 00:54] Introduction
    • [01:17 - 03:42] Why companies wrongly feel they aren't targets
    • [04:14 - 05:41] The watering hole attack
    • [06:07 - 10:21] Putting together a risk management plan
    • [06:07 - 10:21] When leadership should invest in a cybersecurity plan
    • [14:17 - 16:45] What cyber insurance is and why you might need it
    • [16:59 - 18:01] Jim's final thoughts
    • [18:05 - 20:19] Jara's receipts

    Connect with the Guest: LinkedIn - https://www.linkedin.com/in/jigoldman/

    Phishing you say? Like with a pole? Cybersecurity Terms with Trava Security CTO, Rob Beeler

    Nov 22, 2022 · 18:47

    If you ignore cybersecurity threats, it's only worse in the end since hackers are smart, and it's a never-ending web of attacks and breaches. Understanding what those threats are is the first step.

    In this episode of The Tea on Cybersecurity, host Jara Rowe dives into the complicated world of cybersecurity terminology with Trava's CTO and Co-Founder, Rob Beeler. They discuss common terms like phishing, spam, endpoint protection, vulnerabilities, and risks associated with cyber attacks. Rob also stresses the importance of educating yourself and others on these terms to help prevent future attacks.

    What You'll Learn:
    • What are Phishing Cyber attacks, and how Trava's Phishing Simulator
    • What endpoint protection is and tools used to look for security vulnerabilities
    • The difference between threats, vulnerabilities, and risk

    Things to listen for:
    • [00:20 - 01:21] Introduction
    • [01:35 - 02:22] Rob Beeler's introduction and background in cybersecurity
    • [02:32 - 03:03] Explanation of endpoint protection
    • [03:12 - 05:24] The importance of understanding terminology
    • [05:54 - 06:49] Examples of cyberattacks
    • [07:07 - 08:51] The definition of phishing
    • [10:52 - 11:25] The difference between phishing and spam
    • [11:33 - 12:39] Definition of vulnerabilities vs. threats and risks
    • [13:13 - 15:50] Statistics of phishing attacks and their impact on companies
    • [16:04 - 18:11] Jara's receipts

    Connect with the Guest: LinkedIn - https://www.linkedin.com/in/rob-beeler-945ab33/

    Cybersecurity 101 with Jim Goldman, CEO and Co-Founder of Trava

    Nov 9, 2022 · 17:51

    Jim Goldman began his career as a Professor of Network Engineering at Purdue University back when the world was only starting to understand the internet. As times have changed, so has Jim, and today he's the CEO and Co-Founder of Trava Security. Network security, now called cybersecurity, has expanded exponentially, touching everything with a microchip and more.

    In this episode of The Tea on Cybersecurity, Jim gives a crash course on cybersecurity basics and how it relates to us all. He also discusses his journey to co-founding his own company, the first cybercrime, and some tactics cybercriminals use today to get their hands on your data.

    What You'll Learn:
    • Cybersecurity isn't just for experts and big businesses; take action to secure your data
    • All electronic devices are vulnerable to cyberattacks; be aware of what information you put where
    • As cybersecurity evolves, so do cybercrimes; stay in the know about possible breaches

    Listen in for:
    • [00:21 - 00:50] Introduction
    • [01:05 - 03:08] Jim's introduction to cybersecurity
    • [03:41 - 05:12] The expansive realm of cybersecurity
    • [05:43 - 07:49] Simplifying Cybersecurity: Guarding digital assets like a valuable treasure
    • [08:05 - 14:20] Staying Cyber-Savvy: Simple steps for data security
    • [14:58 - 15:35] You can be more secure than you are

    Connect with the Guest: LinkedIn - https://www.linkedin.com/in/jigoldman/

    Introducing the Tea on Cybersecurity

    Oct 25, 2022 · 2:34

    Cybersecurity—a word we hear all the time. Show of hands for those that actually understand what it means.

    The Tea on Cybersecurity is here to help educate the newbs on what cybersecurity is, why it is important, and everything in between. The Tea on Cybersecurity is for everyone, but especially those small and medium-sized businesses that are starting their journey in building a cyber risk management program. Each show is about 15 minutes long to deliver you with the facts and less fluff.
